From e731e5a7c7f662154ff8f509343a8b9a0cbd87b5 Mon Sep 17 00:00:00 2001
From: Nishant Kumar Singh <nishantsingh2jan1998@gmail.com>
Date: Fri, 10 Apr 2026 02:58:12 +0000
Subject: [PATCH] aplay: use snprintf instead of sprintf in device_list()

sprintf() does not perform bounds checking. Replace it with snprintf()
using sizeof(name) to follow safer coding practices and make the buffer
size explicit, consistent with how similar fixes have been applied
elsewhere in the codebase

Signed-off-by: Nishant Kumar Singh <nishantsingh2jan1998@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 aplay/aplay.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aplay/aplay.c b/aplay/aplay.c
index 0050032..74ec947 100644
--- a/aplay/aplay.c
+++ b/aplay/aplay.c
@@ -283,7 +283,7 @@ static void device_list(void)
 	       snd_pcm_stream_name(stream));
 	while (card >= 0) {
 		char name[32];
-		sprintf(name, "hw:%d", card);
+		snprintf(name, sizeof(name), "hw:%d", card);
 		if ((err = snd_ctl_open(&handle, name, 0)) < 0) {
 			error("control open (%i): %s", card, snd_strerror(err));
 			goto next_card;
-- 
2.52.0